• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
Computer Business World News

Computer Business World News

Trending News about Computers, Business and Tech

  • Home
  • BUSINESS
  • CAREERS
  • CLOUD
  • COMPUTERS
  • CYBERSECURITY
  • I.T.
  • TECH
  • VOIP
  • About

This file-sharing app with over a billion downloads has some major security flaws System Hardening Android

by

One of the most popular Android file sharing apps has several vulnerabilities that haven’t been fixed by its developers for over three months, new research has claimed. 

Security researchers at Trend Micro discovered the shortcomings in the ShareIT app that if exploited, can not only leak a user’s sensitive data, but can also execute arbitrary code on the device. 

More worryingly, the vulnerabilities were brought to the attention of the app’s publishers over three months ago, but have seemingly decided to ignore the report.

Improper defaults

“We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” noted Trend Micro in its report.

Even more worryingly, the researchers add that any attacks launched by exploiting these vulnerabilities will be hard to detect as they masquerade the legitimate operations of the app.  

While discussing the vulnerabilities in detail, the researchers say that the flaws exist because the app implements its sharing functions with improper settings that leave it prone to abuse.

The researchers were able to successfully exploit the vulnerabilities with a proof-of-concept app to gain temporary read/write access to the data on the device, and even managed to run arbitrary code on the device. 

Since ShareIT’s developers failed to respond to the researchers, they’ve also brought it to the attention of Google – however, there has been no response as yet, and the app still continues to be listed on the official Android Play Store.

View Source

Filed Under: COMPUTERS

Primary Sidebar

More to See

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. Published 6:45 am Monday, January 30, 2023 … [Read More...] about After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

CSH Triples Its Computing Power

by Jake W Streamer | published Jan. 30th, 2023 … [Read More...] about CSH Triples Its Computing Power

4 tips for IT career growth in 2023

Despite increasing layoffs across the country, demand for IT pros remains high, especially for software developers and senior software … [Read More...] about 4 tips for IT career growth in 2023

Footer

SITE INFORMATION

COMPUTER BUSINESS WORLD NEWS

About/Contact

Privacy Policy

Thank you for visiting our website.

Recent

  • Russian millionaire on trial in hack, insider trade scheme
  • After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live
  • CSH Triples Its Computing Power

Search

Copyright © 2023 Computer Business World